One colleague once told me that using this authentication method is very insecure. And it proved to put user as: true and password: true , within a system that used this and got through. But I believe the lack of security was in the code that was misspelled and not in the resource.
I would like to know if it is possible to use it securely, or this really makes a mockery, because this site is using this type of system window login, and I would like to be sure, just to warn them risk: